NYCPHP Meetup

NYPHP.org

[nycphp-talk] PHP in SecurityFocus #338

Daniel Convissor danielc at analysisandsolutions.com
Sun Mar 26 19:27:19 EST 2006 

These summaries are available online
RSS:  http://phpsec.org/projects/vulnerabilities/securityfocus.xml
HTML: http://phpsec.org/projects/vulnerabilities/securityfocus.html

Alerts from SecurityFocus Newsletter #338

APPLICATIONS USING PHP
----------------------
ADOdb Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/16720

PEAR::Auth Multiple Unspecified SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/16758

SquirrelMail Multiple Cross-Site Scripting and IMAP Injection Vulnerabilities
http://www.securityfocus.com/bid/16756

PHPNuke Index.PHP Search Module SQL Injection Vulnerability
http://www.securityfocus.com/bid/16732

PHPNuke CAPTCHA Bypass Weakness
http://www.securityfocus.com/bid/16722

Leif M. Wright Blog HTML Injection Vulnerability
http://www.securityfocus.com/bid/16715

Leif M. Wright Blog Information Disclosure Vulnerability
http://www.securityfocus.com/bid/16712

MyBB Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/16708

V-webmail Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/16706

BirthSys Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/16684

RCBlog Index.PHP Directory Traversal Vulnerability
http://www.securityfocus.com/bid/16342

E107 Website System Chatbox Plugin HTML Injection Vulnerability
http://www.securityfocus.com/bid/16719

Coppermine Multiple File Include Vulnerabilities
http://www.securityfocus.com/bid/16718

Geeklog Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/16755

Admbook Remote PHP Script Code Execution Vulnerability
http://www.securityfocus.com/bid/16753

PostNuke Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/16752

Guestbox HTML Injection Vulnerability
http://www.securityfocus.com/bid/16751

Melange Chat Session Header Information Disclosure Vulnerability
http://www.securityfocus.com/bid/16747

Barracuda Directory Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/16746

IlchClan Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/16735

Magic Calendar Lite Index.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/16734

TTS Software Time Tracking Software Edituser.PHP Access Validation Vulnerability
http://www.securityfocus.com/bid/16731


RELATED STUFF
-------------
GnuPG Detached Signature Verification Bypass Vulnerability
http://www.securityfocus.com/bid/16663
This was fixed in version 1.4.2.1, but other issues were fixed
subsequently, so upgrade to 1.4.2.2.

More information about the talk mailing list